On Wed, Jan 12, 2005 at 02:00:46PM -0500, Grzegorz B. Prokopski wrote: > > > That's an .. unlikely .. bug to occur in practise. I guess only > > > root can modify the GECOS field. > > > > No, you can use the chfn command to change all data in your own GECOS field > > except your real name. The command checks the length of all data, so you > > probably can't use it for this attack (it might be possible to enter the > > maximum amount in each field and make it reach 160 bytes that way). There > > are > > other systems that will let you edit your GECOS field, like webmin (I think) > > and more. > > > > It's not a really serious bug, but IMHO worth fixing. > > I do not have my new GPG key signed yet (sigh) so I am in no position to > perform an upload. Could somebody please apply the fix and NMU?
I will do so tomorrow if nobody else beats me to it. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
